
Sunday, April 26, 2009

Interesting method for website blocking

Quick note: I was listening to the latest episode of Watchguard’s Radio Free Security podcast (no relation with them, other than being a listener of the podcast) and they discussed an interesting technique for filtering websites (I’m no fan of traffic filtering, but the technique seemed interesting):

Usually SSL requests are blocked either by the target IP or by the target hostname, because the filtering proxy cannot look into the actual content. Another frequently used approach is for the proxy to decrypt and then re-encrypt the traffic; however, this requires a certificate to be installed on every user’s computer, otherwise users will get an “Invalid certificate” error on every SSL website they visit. What the Watchguard appliance can do is look at the certificate of the website (which is transmitted in the clear at the beginning of the session negotiation) and block based on the name present in the certificate. Nifty!
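To show where that certificate sits on the wire, here is an added example (not from the podcast or from Watchguard) that reassembles the server's cleartext handshake records and pulls out the certificate chain, which a filter would then hand to an X.509 parser to read the names. It assumes SSL 3.0 through TLS 1.2 framing; in TLS 1.3 the Certificate message is encrypted, so this inspection point no longer exists there. All function names and the sample bytes are constructed for illustration.

```python
import struct
# Assumption of this example: SSL 3.0 - TLS 1.2 record and handshake framing.
HANDSHAKE, CHANGE_CIPHER_SPEC, CERTIFICATE = 22, 20, 11

def u24(buf, off):
    return int.from_bytes(buf[off:off + 3], "big")

def handshake_bytes(stream):
    """Reassemble the cleartext handshake payload from a run of TLS records."""
    out, off = bytearray(), 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        body = stream[off + 5:off + 5 + length]
        if ctype == CHANGE_CIPHER_SPEC or len(body) < length:
            break  # encrypted from here on, or the capture is truncated
        if ctype == HANDSHAKE:
            out += body
        off += 5 + length
    return bytes(out)

def server_certificates(stream):
    """Return the DER certificates (leaf first) from the Certificate message."""
    hs, off = handshake_bytes(stream), 0
    while off + 4 <= len(hs):
        mtype, mlen = hs[off], u24(hs, off + 1)
        body = hs[off + 4:off + 4 + mlen]
        if len(body) < mlen:
            break  # message not fully captured
        if mtype == CERTIFICATE and mlen >= 3:
            certs, pos, end = [], 3, min(3 + u24(body, 0), mlen)
            while pos + 3 <= end and pos + 3 + u24(body, pos) <= end:
                certs.append(body[pos + 3:pos + 3 + u24(body, pos)])
                pos += 3 + len(certs[-1])
            return certs
        off += 4 + mlen
    return []

# Constructed sample: dummy ServerHello, placeholder strings instead of real DER.
def _msg(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def _record(ctype, body):
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

LEAF, ISSUER = b"LEAF-DER-PLACEHOLDER", b"ISSUER-DER-PLACEHOLDER"
_chain = b"".join(len(c).to_bytes(3, "big") + c for c in (LEAF, ISSUER))
_flight = _msg(2, b"\x00" * 38) + _msg(CERTIFICATE, len(_chain).to_bytes(3, "big") + _chain)
# Split mid-message to show that handshake messages may span records.
SAMPLE = _record(HANDSHAKE, _flight[:50]) + _record(HANDSHAKE, _flight[50:]) \
    + _record(CHANGE_CIPHER_SPEC, b"\x01") + _record(HANDSHAKE, b"\xff" * 16)
```

`server_certificates(SAMPLE)` returns the two placeholder certificates with the leaf first; the filter's blocking decision would be made on the subject and subjectAltName names parsed from that leaf.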

Picture taken from kpwerker's photostream with permission.

